Anomaly Detection System in Industrial Control System using Machine Learning

Abstract

An industry is composed of various types of machines and instruments interconnected through a system of network performing in harmony following specific instructions assigned to specific nodes or equipment. Industrial control system refers to the whole environment that keeps everything included in the industrial system in order. Like any other system, industrial control system is also prone to attacks which might result in massive loss. In this paper, six machine learning algorithms have been applied for detecting the presence of anomaly in industrial control system using HIL-based Augmented ICS (HAI 21.03) Security Dataset. The dataset has been analyzed using analysis of variance to extract 50 of the most important features from each sample in the dataset. All the machine learning models' performances are recorded, and a full comparative analysis for hyperparameter optimization, downsampling-upsampling with hyperparameter tuning, and without hyperparameter tweaking is shown. Random search cross validation has been employed for hyperparameter optimization, and synthetic minority oversampling technique has been used for upsampling. In terms of several evaluation metrics like accuracy, recall, precision, F1-score, Receiver Operating Characteristic (ROC) Area Under the Curve (AUC) and specificity, satisfactory performances have been observed. In addition to these evaluation metrics, which have also been used by other researchers in previous studies, we have evaluated the performance of our models using Geometric Mean(G-Mean) and Matthews Correlation Coefficient (MCC), which are considered two of the most important evaluation metrics in imbalanced datasets. Using our proposed approach, a maximum recall score of 99.77% and an F1-score of 99.50% have been achieved, which are significantly higher than previous studies. Maximum G-Mean of 99.89% and MCC of 0.9950 have been obtained by the application of K-Nearest Neighbors (KNN) model. Therefore, our proposed approach has the prospect to be an efficient method for detecting anomalies in industrial control systems and taking appropriate actions.